NIST publishes 50kish vulnerable code samples in Java/C/C++, is officially krad

NIST has published a fantastic project (it's been out since late December, but I only just became aware of it) where they've created vulnerable code test cases for much of MITRE's CWE project in Java and C/C++. From the README: "This archive contains test cases intended for use by organizations and individuals...

How not to publish SCADA security advisories

"Luigi Auriemma" has posted an interesting series of SCADA vulnerabilities to the bugtraq security list this morning. From his email "The following are almost all the vulnerabilities I found for a quick experiment some months ago in certain well known server-side SCADA softwares still vulnerable in this moment. In case someone doesn't...

The OWASP AppSec USA 2011 Call for Papers (CFP)

Lorna Alamri writes in the following announcement "The OWASP AppSec USA 2011 Call for Papers (CFP) is now open. Visit the following URL to submit your abstract for the September 22-23, 2011 talks in Minneapolis, Minnesota: http://www.appsecusa.org/talks.html We're excited to announce that speakers will be in good company with our first keynote,...